kain

Warning: new virus, targets win nt and 2000 systems. more info inside.


WASHINGTON (AP) - Anti-virus researchers were fighting a new Internet attacker Tuesday similar to the "Code Red" worm that infected hundreds of thousands of computers several months ago.

The worm, known as "W32.Nimda," had affected "thousands, possibly tens of thousands" of targets by midday Tuesday, according to Vincent Gullotto, head virus fighter at McAfee.com, a software company.


Even when the attack isn't successful, the worm's scanning process can slow down the Internet for many users and can have the effect of knocking Web sites or entire company networks offline.


The FBI is investigating the worm, said spokeswoman Debbie Weierman. The agency has not indicated whether the worm is connected to last week's terrorism attacks.


On security e-mail lists, system administrators nationwide reported unprecedented activity related to the worm, which tries to break into Microsoft's Internet Information Services software. That software was the same targeted by Code Red, and is typically found on computers running Microsoft Windows NT or 2000.


Most home users, including those running Windows 95, 98 or ME, are not affected.


Ken Van Wyk, chief technology officer at ParaProtect, said the worm tries to wriggle in through 16 known vulnerabilities in Microsoft's IIS, including the security hole left in some computers by the "Code Red II" worm, which followed Code Red in August.


Code Red, by comparison, attacked through only one hole, which could be patched by downloading a program from Microsoft's Web site.


"It's causing enormous pain because it is at least an order of magnitude more aggressive than Code Red," said Alan Paller, director of research at the nonprofit Sans Institute. "It's a pretty vigorous attacker."


In addition to direct Internet attacks, the worm can also travel via e-mail. The e-mail message is typically blank, and contains an attachment called "README.EXE." Antivirus experts warn that users shouldn't open unexpected attachments.


Efforts to isolate and track the worm were hampered by the swiftness of the attack. Gullotto said the first report came at about 9 a.m. EDT, from a site in Norway.


"It's taken down entire sites," Gullotto said. "I can't even get to the Internet right now."


On Monday, the FBI's National Infrastructure Protection Center warned that a hacker group called the "Dispatchers" said they would attack "communications and finance infrastructures" on or about Tuesday.


"There is the opportunity for significant collateral damage to any computer network and telecommunications infrastructure that does not have current countermeasures in place," officials said in a warning on the NIPC Web site.


Last week, the FBI warned that there could be an increase in hacking incidents after the twin attacks in New York and Washington. They advised computer users to update their antivirus software, get all possible security updates for their other software, and be extra careful online.

Share this post


Link to post

It's about time...virus spreading won't exactly decrease. They're a blessing, actually. They show us security holes. It's up to the hackers to make them harmless or devastating.

Share this post


Link to post

*sigh*

By all indications, every single one of the exploits used with this latest worm has already been patched, even the "running executable from e-mails" one (which is more of a social engineering problem) if you're using Outlook.

Why people don't keep up with the patches and the software upgrades is quite beyond me.

Share this post


Link to post

Beats me. I just don't understand why people would like to read a README.EXE from a blank mail. Worst thing is that guys who know nothing do that, and we are the ones forced to repair their comps. ;)

Share this post


Link to post

Good god, another virus?


Yes, and it's "worse than Code Red". Ph33r this lame virus. Most people who make viruses are idiots (actually they are intelligent but they are jerks) that shit on their comps all day looking at porn and making gay viruses.

Share this post


Link to post

Beats me. I just don't understand why people would like to read a README.EXE from a blank mail. Worst thing is that guys who know nothing do that, and we are the ones forced to repair their comps. ;)


Zaldron, you might be interested in this ;)


Is it true, as it says on Slashdot, that "Web servers compromised by this worm apparently attach a "readme.eml" to all web pages served... and due to a bug in IE5, it will automatically execute the file"? That doesn't sound real...

Share this post


Link to post

This virus has shown its effect on my comp already. I can't play games online because the ping has increased to 200 (And I have broadband).

The comp is loading more resources (I can HEAR that). It's all shit.

Share this post


Link to post

This is why I swear by Windows 98 Second Edition.

BTW, LOOK! IT'S ARIOCH! HIS FIRST POST IN MONTHS!!! W00t!!!

Open that attachment and you're still fucked. :) ... doesn't matter what e-mail client you use btw.

Share this post


Link to post

Most home users, including those running Windows 95, 98 or ME, are not affected



WRONG!!!!. The computers at my school run on Win98, and they're suffering from the virus.

Share this post


Link to post

How retarded is this?


I think the virus e-mail got sent to my Hotmail account. Sender's name, according to it, was "Hahahaha....". OK, here's my question. Who in his or her right mind would open any e-mail where it had a sender like that?

This goes to whoever sent that e-mail to me: YOU'RE A DUMBARSE!!!!!!!

Share this post


Link to post

This virus has shown its effect on my comp already. I can't play games online because the ping has increased to 200



HAHAHAHAHAHAH loser!!!!! :P

I almost never have ping below 200, and I'm on cable. That doesn't prevent me from playing though :P

Share this post


Link to post